Total
8338 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-20728 | 1 Nedi | 1 Nedi | 2024-11-21 | N/A |
| A cross site request forgery (CSRF) vulnerability in NeDi before 1.7Cp3 allows remote attackers to escalate privileges via User-Management.php. | ||||
| CVE-2018-20648 | 1 Car Rental Script Project | 1 Car Rental Script | 2024-11-21 | N/A |
| PHP Scripts Mall Car Rental Script 2.0.8 has Cross-Site Request Forgery (CSRF) via accountedit.php. | ||||
| CVE-2018-20644 | 1 Basic B2b Script Project | 1 Basic B2b Script | 2024-11-21 | N/A |
| PHP Scripts Mall Basic B2B Script 2.0.9 has Cross-Site Request Forgery (CSRF) via the Edit profile feature. | ||||
| CVE-2018-20641 | 1 Entrepreneur Job Portal Script Project | 1 Entrepreneur Job Portal Script | 2024-11-21 | N/A |
| PHP Scripts Mall Entrepreneur Job Portal Script 3.0.1 has Cross-Site Request Forgery (CSRF) via the Edit Profile feature. | ||||
| CVE-2018-20633 | 1 Advance B2b Script Project | 1 Advance B2b Script | 2024-11-21 | N/A |
| PHP Scripts Mall Advance B2B Script 2.1.4 has Cross-Site Request Forgery (CSRF) via the Edit Profile feature. | ||||
| CVE-2018-20613 | 1 Temmoku Project | 1 Temmoku | 2024-11-21 | N/A |
| TEMMOKU T1.09 Beta allows admin/user/add CSRF. | ||||
| CVE-2018-20612 | 1 Asthis | 1 Universal Website Asthis | 2024-11-21 | N/A |
| UWA 2.3.11 allows index.php?g=admin&c=admin&a=add_admin_do CSRF. | ||||
| CVE-2018-20603 | 1 Lfdycms | 1 Lei Feng Tv Cms | 2024-11-21 | N/A |
| Lei Feng TV CMS (aka LFCMS) 3.8.6 allows admin.php?s=/Member/add.html CSRF. | ||||
| CVE-2018-20598 | 1 Ucms Project | 1 Ucms | 2024-11-21 | N/A |
| UCMS 1.4.7 has ?do=user_addpost CSRF. | ||||
| CVE-2018-20595 | 1 Hsweb | 1 Hsweb | 2024-11-21 | N/A |
| A CSRF issue was discovered in web/authorization/oauth2/controller/OAuth2ClientController.java in hsweb 3.0.4 because the state parameter in the request is not compared with the state parameter in the session after user authentication is successful. | ||||
| CVE-2018-20582 | 1 Gree | 1 Gree\+ | 2024-11-21 | 8.8 High |
| The GREE+ (aka com.gree.greeplus) application 1.4.0.8 for Android suffers from Cross Site Request Forgery. | ||||
| CVE-2018-20577 | 1 Orange | 2 Arv7519rw22 Livebox 2.1, Arv7519rw22 Livebox 2.1 Firmware | 2024-11-21 | N/A |
| Orange Livebox 00.96.320S devices allow cgi-bin/restore.exe, cgi-bin/firewall_SPI.exe, cgi-bin/setup_remote_mgmt.exe, cgi-bin/setup_pass.exe, and cgi-bin/upgradep.exe CSRF. This is related to Firmware 01.11.2017-11:43:44, Boot v0.70.03, Modem 5.4.1.10.1.1A, Hardware 02, and Arcadyan ARV7519RW22-A-L T VR9 1.2. | ||||
| CVE-2018-20576 | 1 Orange | 2 Arv7519rw22 Livebox 2.1, Arv7519rw22 Livebox 2.1 Firmware | 2024-11-21 | N/A |
| Orange Livebox 00.96.320S devices allow cgi-bin/autodialing.exe and cgi-bin/phone_test.exe CSRF, leading to arbitrary outbound telephone calls to an attacker-specified telephone number. This is related to Firmware 01.11.2017-11:43:44, Boot v0.70.03, Modem 5.4.1.10.1.1A, Hardware 02, and Arcadyan ARV7519RW22-A-L T VR9 1.2. | ||||
| CVE-2018-20419 | 1 Douco | 1 Douphp | 2024-11-21 | N/A |
| DouCo DouPHP 1.5 has upload/admin/manager.php?rec=insert CSRF to add an administrator account. | ||||
| CVE-2018-20231 | 1 Simbahosting | 1 Two-factor-authentication | 2024-11-21 | N/A |
| Cross Site Request Forgery (CSRF) in the two-factor-authentication plugin before 1.3.13 for WordPress allows remote attackers to disable 2FA via the tfa_enable_tfa parameter due to missing nonce validation. | ||||
| CVE-2018-20228 | 1 Subsonic | 1 Subsonic | 2024-11-21 | N/A |
| Subsonic V6.1.5 allows internetRadioSettings.view streamUrl CSRF, with resultant SSRF. | ||||
| CVE-2018-20188 | 1 Thedaylightstudio | 1 Fuel Cms | 2024-11-21 | N/A |
| FUEL CMS 1.4.3 has CSRF via users/create/ to add an administrator account. | ||||
| CVE-2018-20015 | 1 Yzmcms | 1 Yzmcms | 2024-11-21 | N/A |
| YzmCMS v5.2 has admin/role/add.html CSRF. | ||||
| CVE-2018-1934 | 1 Ibm | 1 Cognos Business Intelligence | 2024-11-21 | 8.8 High |
| IBM Cognos Business Intelligence 10.2.2 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 153179. | ||||
| CVE-2018-1927 | 1 Ibm | 1 Storediq | 2024-11-21 | N/A |
| IBM StoredIQ 7.6 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 153118. | ||||